Digital health products are increasing faster than ever. These technologies (e.g., apps and connected devices) collect massive amounts of data about their users, including health, medical, sex life, and other intimate data. In this paper, we study a set of Internet of Things (IoT) devices which are advertised for general and/or intimate health purposes of female bodies (also known as female-oriented technologies or FemTech). We particularly focus on the security and privacy of the Bluetooth connection between the IoT device and the mobile app.
Our results highlight the serious vulnerabilities present in current off-the-shelf FemTech devices. These vulnerabilities include unencrypted Bluetooth traffic, insecure Bluetooth authentication, and undocumented Bluetooth services. We implement Bluetooth attacks to intercept and manipulate the communication between these devices and apps, resulting in the malfunctioning of their corresponding Android app. We discuss our results and provide a set of recommendations for different stakeholders to improve the security and privacy practices of Bluetooth-enabled IoT devices in such a sensitive and intimate domain.